It's 2 A.M.: Do You Know Where Your E-Mail Is?

Opinion: Morgan Stanley is facing disciplinary action because it said key e-mail messages were destroyed in the 9/11 terrorist attacks, but reportedly did not disclose that the backup records were intact.

Securities regulators on Dec. 19 filed a disciplinary complaint against one of the nation's largest investment firms because, at best, it wasn't sure what e-mail was backed up. The worst-case scenario has Morgan Stanley telling investors that their e-mail records were destroyed in the Sept. 11 terrorist attacks on New York City, while knowing that the backup records of those transactions were intact.
Although the central facts of the case are in dispute (Morgan Stanley's position is that the existence of the backup tapes was disclosed, while the National Association of Securities Dealers says the disclosure was not made), the big-picture message is that Morgan Stanley wasn't really sure what e-mail copies existed, what time period they covered and where they were.
Legal technology experts say the Morgan case barely touches the surface of the problem. Consider this scenario: For various legal reasons, you need to produce copies of e-mails sent between March 8 and March 20 dealing with the acquisition of the Smith Construction Company.

Due to a fire, the servers were destroyed. For whatever reason, the backup records were also destroyed. Do you have the right to say to the court, "Sorry, we don't have them anymore"? Are you obligated to conduct a search for those e-mails?

What if some copies still exist on an employee's laptop? Or an employee's home PC? Maybe on some portable media, such as one of those little 2GB SanDisk drives, or burned CDs (or DVDs) or an external hard disk? Don't forget those PDAs and smart phones, too.
For that matter, what about looking beyond your firewall, outside your LAN's limits? Your sent mail files may provide a trail to dozens of partners, contractors, suppliers, consultants and customers that your employees e-mailed those messages to. Those sought-after files may exist on those servers, too. In an endless loop, they could then also exist on those other companies' backup servers and home PCs, and so on.
The typical e-mail system today does not provide a link to a single copy of the message sitting on a central e-mail server. The systems generate hundreds and sometimes thousands of full copies of these messages, either as straight text or attachments.
That's not the problem of IT when it comes to preserving backups. But as federal rules change with legal discovery requirements, it's going to become a very key issue for IT execs, as corporate attorneys will be relying on them to know about every possible copy of every e-mail. (Next step: voicemail, IM and Web comments.)
Corporate attorneys and IT executives "need to understand where they keep their electronic information. There can be a lot of negligence in this area," said Stan Gibson, partner at Los Angeles-based law firm Jeffer Mangels Butler & Marmaro. "As an in-house lawyer, you very well may not know exactly what is out there, especially if you don't communicate with IT well."
Communicate with IT well? Isn't that one of those oxymorons, like jumbo shrimp or "the server is a little big"? There's an old corporate motto that when a non-IT exec starts feeling like she's communicating well with IT, it's probably time for her to cut back on her liquor.
But Gibson's point is still quite sound. As companies get more sophisticated technologically, the databases that IT commands are going to become more essential. That goes beyond CRM (customer relationship management) and ERP (enterprise resource planning) data and extends into e-mail and other data files.
Data can no longer be viewed as something concrete that needs to be stored and protected. It's information to be shared but also tracked. Companies view their ideas as intellectual property and yet few place any restrictions on where that property can go. Forget restrictions. How about settling for simple awareness?
Another concern showcased by the Morgan Stanley situation is the amorphous area of reputation. Whether it's reasonable or not, company executives expect IT managers to have control over all company data. That expectation is now being extended to judges, juries and governments.
Two elements go into establishing credibility with legal data disclosures: competence (a belief that IT has a professional mastery over its data) and honesty (that it's saying everything it knows). When data status changes and reasonable steps to pursue data are not taken, that credibility is at risk. With judges, juries and government regulators, that can be something that will prove very costly to lose.
"This will probably cause opponents of Morgan Stanley to constantly question the bona fides of their disclosures," said Michael Gold, also a partner at Jeffer Mangels Butler & Marmaro. "These disclosures require a measure of candor."
As a practical matter, the emergence of personal mobile media makes it many orders of magnitude more difficult to control where information is going. On the plus side, it also makes it so much more likely that almost any piece of corporate communication can be found out there, if you're willing to look hard enough.
Retail Center Editor Evan Schuman has tracked high-tech issues since 1987, has been opinionated long before that and doesn't plan to stop any time soon. He can be reached at Evan_Schuman@ziffdavis.com.

Evan Schuman is the editor of CIOInsight.com's Retail industry center. He has covered retail technology issues since 1988 for Ziff-Davis, CMP Media, IDG, Penton, Lebhar-Friedman, VNU, BusinessWeek, Business 2.0 and United Press International, among others. He can be reached by e-mail at Evan.Schuman@ziffdavisenterprise.com.